Audit

Decisions you can verify.

Every routing decision gets an audit_id and a content-addressed proof hash. Each new audit record also commits to the hash of the record before it — a tamper-evident chain — and once a day the chain head is signed with our Ed25519 key and published. Change one historical decision and every hash after it breaks. You don't have to trust the tower; you can check its math.

The proof system

Three layers, in plain language

  1. Per-decision proof

    Each route/preflight decision is hashed (sha256 over canonical JSON of the full decision record — candidates, per-factor scores, policy checks, verdict). The owning operator can replay it via GET /v1/audits/{id}, which returns the methodology version used, every candidate's factor scores, the policy checks with results, and the chain link.

  2. Hash chain

    Every chained record's hash includes the previous record's hash: record_hash = sha256(seq|entry_type|ref_id|payload_hash|prev_hash). The chain runs from deployment forward (genesis prev_hash is sha256("stackbroker-audit-chain-genesis")); records that predate chain genesis are not retroactively chained — we do not rewrite history, even to improve it.

    genesis prev_hash: 093e04316d48f5c5878f29688d6eb6ff7d18cde64371388b836fb141ced733c9

  3. Daily signed anchors

    At the end of each UTC day, the chain-head hash and entry count are signed (Ed25519) and published below and at /v1/audits/anchors. Anchors carry hashes and counts only — never agent or operator data. Human review actions in the trust pipeline are chained the same way, so human judgment is part of the verifiable record too.

Do it yourself

How to verify an anchor

Four steps, standard tooling, no Stackbroker account needed:

  1. Fetch /.well-known/stackbroker-signing-key and load the PEM public key.
  2. Fetch /v1/audits/anchors and pick an anchor. Serialize its payload as canonical JSON (object keys sorted recursively).
  3. Verify: ed25519_verify(base64decode(signature), canonical_json_bytes, public_key) — for example in Node: crypto.verify(null, Buffer.from(canonicalJson), publicKey, Buffer.from(signature, "base64")).
  4. To verify a specific decision against the chain: take replay.chain from GET /v1/audits/{id}, recompute sha256(seq|route|audit_id|payload_hash|prev_hash), and confirm it equals record_hash and chains to a signed anchor head.

signature scheme: Ed25519 · key_id f5596e5a2e1e2158 · canonical JSON = recursively key-sorted JSON.stringify
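
The four steps above as an added Node.js example (not Stackbroker's own code), run offline against a constructed chain signed with a throwaway key. The anchor payload field names (chain_head, entry_count, date), the sample audit_id values and the literal "|" join of the field strings are assumptions; real values come from /v1/audits/anchors and replay.chain.

```javascript
const crypto = require("crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Canonical JSON as the page defines it: JSON.stringify with object keys sorted recursively.
function canonicalJson(v) {
  if (Array.isArray(v)) return "[" + v.map(canonicalJson).join(",") + "]";
  if (v && typeof v === "object")
    return "{" + Object.keys(v).sort().map((k) => JSON.stringify(k) + ":" + canonicalJson(v[k])).join(",") + "}";
  return JSON.stringify(v);
}

// record_hash = sha256(seq|entry_type|ref_id|payload_hash|prev_hash); the literal "|" join is an assumption.
const recordHash = (r) => sha256([r.seq, r.entry_type, r.ref_id, r.payload_hash, r.prev_hash].join("|"));

// Walk records in seq order: every link and stored hash must recompute, ending at the anchored head.
function verifyChain(records, genesis, anchorPayload) {
  let prev = genesis;
  for (const r of records) {
    if (r.prev_hash !== prev || recordHash(r) !== r.record_hash) return false;
    prev = r.record_hash;
  }
  return prev === anchorPayload.chain_head && records.length === anchorPayload.entry_count;
}

// Step 3: Ed25519 signature over the canonical JSON bytes of the anchor payload.
function verifyAnchor(anchor, publicKey) {
  return crypto.verify(null, Buffer.from(canonicalJson(anchor.payload)), publicKey, Buffer.from(anchor.signature, "base64"));
}

// --- Constructed sample data: throwaway key, made-up decisions, hypothetical payload fields ---
const GENESIS = sha256("stackbroker-audit-chain-genesis");
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
function buildChain(decisions) {
  let prev = GENESIS;
  return decisions.map((d, i) => {
    const r = { seq: i + 1, entry_type: "route", ref_id: d.audit_id, payload_hash: sha256(canonicalJson(d)), prev_hash: prev };
    r.record_hash = prev = recordHash(r);
    return r;
  });
}
const chain = buildChain([
  { audit_id: "aud_example_1", verdict: "allow" },
  { audit_id: "aud_example_2", verdict: "deny" },
]);
const payload = { entry_count: chain.length, chain_head: chain[chain.length - 1].record_hash, date: "2024-01-01" };
const anchor = { payload, signature: crypto.sign(null, Buffer.from(canonicalJson(payload)), privateKey).toString("base64") };
console.log("anchor ok:", verifyAnchor(anchor, publicKey), "chain ok:", verifyChain(chain, GENESIS, payload));
```

Against the live service, replace the generated key with the PEM from /.well-known/stackbroker-signing-key (loaded via crypto.createPublicKey) and the constructed records with fetched ones.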

Published daily

Recent anchors

No anchors published yet — the chain anchors its first completed UTC day after deployment. The machine endpoint is live at /v1/audits/anchors.

Privacy

What stays private

Public surfaces (this page, anchors, the signing key) carry hashes, counts, and versions only. Raw audit records — tasks, policies, candidates — remain authenticated: readable by the owning organization and Stackbroker admins, nobody else. See the privacy policy.